{
  "name": "The long road to your crypto: ClipBanker and its marathon infection chain",
  "slug": "the-long-road-to-your-crypto-clipbanker-and-its-marathon-infection-chain",
  "description": "Proxifiers are specialized software designed to tunnel traffic for programs that do not natively support proxy servers. They are a go-to for making sure these apps are functional within secured development environments. By coincidence, Proxifier is also the name of a proprietary proxifier developed by VentoByte, which is distributed under a paid license. If you search for Proxifier (or a proxifier), one of the top results in popular search engines is a link to a GitHub repository. That\u2019s exactly where the source of the primary infection lives.",
  "published": "2026-04-09T09:57:44.113000+00:00",
  "created_at": "2026-04-09T18:06:05.318000+00:00",
  "modified_at": "2026-04-09T16:06:05+00:00",
  "created_at_opencti": "2026-04-09T18:06:05.318000+00:00",
  "author": "AlienVault",
  "confidence": 100,
  "report_types": [
    "threat-report"
  ],
  "labels": [],
  "tags": [
    "2026-04-09"
  ],
  "related_entities": {
    "indicators": [
      {
        "id": "c17989cf-34b1-4813-ae47-60065a4de9c7",
        "name": "chiaselinks.com"
      },
      {
        "id": "0e3ef842-db03-4f17-ab4f-ce30cbea7442",
        "name": "fdae784b02b22916bf4bac1344b3e8e13f98996e3cd85f2daf171084983247e1"
      },
      {
        "id": "359f3918-71a3-49d9-9be9-198287ca0190",
        "name": "git.parat.swiss"
      },
      {
        "id": "fb507802-7a42-4e5b-99f4-c5e8a01ccb27",
        "name": "paste.kealper.com"
      },
      {
        "id": "7fcbed65-ecf1-4752-8221-7c6cbabd12fc",
        "name": "rlim.com"
      },
      {
        "id": "2e47eacc-8b71-47ee-bab4-5bee25b87466",
        "name": "pinhole.rootcode.ru"
      }
    ],
    "malware": [
      {
        "id": "e3e33490-dd34-4a18-85dd-2982e1ca97bd",
        "name": "ClipBanker",
        "slug": "clipbanker"
      }
    ],
    "observables": [
      {
        "id": "5a57d754-c8b3-4f6e-82cc-b1932a46db3a",
        "name": "chiaselinks.com"
      },
      {
        "id": "fd35225f-0c12-4af2-9441-0dc82a84a30c",
        "name": "rlim.com"
      },
      {
        "id": "a41cb668-75e1-498e-9bb4-7198472df6ac",
        "name": "git.parat.swiss"
      },
      {
        "id": "72086d55-041f-4e6c-a51b-606cd79e2a75",
        "name": "pinhole.rootcode.ru"
      },
      {
        "id": "8bb36dae-c7fc-487e-93be-1d08245f9b4e",
        "name": "paste.kealper.com"
      },
      {
        "id": "",
        "name": "fdae784b02b22916bf4bac1344b3e8e13f98996e3cd85f2daf171084983247e1"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "chiaselinks.com"
      },
      {
        "id": "",
        "name": "git.parat.swiss"
      },
      {
        "id": "",
        "name": "paste.kealper.com"
      },
      {
        "id": "",
        "name": "rlim.com"
      },
      {
        "id": "",
        "name": "pinhole.rootcode.ru"
      }
    ]
  },
  "external_refs": [
    {
      "id": "97c4d5aa-43bb-45b0-94a4-fcaa23f29861",
      "standard_id": "external-reference--476f8ae2-2bf2-55e8-a39a-512aa7f9cffd",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/",
      "hash": null,
      "external_id": null,
      "created": "2026-04-09T18:06:05.282Z",
      "modified": "2026-04-09T18:06:05.282Z",
      "createdById": null
    },
    {
      "id": "d4002f18-9a93-4fa6-b1dd-488af846e0ab",
      "standard_id": "external-reference--62daad66-a1a3-5a9b-b1d3-fd5dee60b07b",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://otx.alienvault.com/pulse/69d77818426ba84dc9eb0371",
      "hash": null,
      "external_id": "69d77818426ba84dc9eb0371",
      "created": "2026-04-09T18:06:05.258Z",
      "modified": "2026-04-09T18:06:05.258Z",
      "createdById": null
    }
  ]
}